Countdown to Unsupported XP
Microsoft announced that extended support for Windows XP ends on April 8, 2014. After this date, Microsoft will not release any security patches or updates for Windows XP. This will effectively make Windows XP non-compliant with HIPAA/HITECH after Microsoft support ends. XP users in the healthcare space are encouraged to upgrade their hardware so they can remain in compliance.
Windows XP is the most widely used computer operating system (OS) ever, and it has been supported for over twelve years. Think about the average function of a twelve-year-old automobile with over 200k miles on it. It may work, but your chances of a major breakdown and getting stranded on a cross-country drive are exponentially greater. XP is the longest-living operating system in an era in which OS versions last only a few months due to vital security vulnerabilities. The last thing a healthcare provider can afford is a broken-down practice where financial data, or worse, patient medical information, is exposed to cyber criminals. Keep in mind that it’s very likely your practice will experience a cyber-attack on your network and patient records in the next decade due to the linking of healthcare systems and increased proliferation of cyber-crime in the healthcare space. You just need to take a look at healthcare.gov, the Obamacare insurance portal, to realize that there is a long line of identity thieves and even other nations that want access to your patient records. They are counting on your practice to be under-protected and a virtual gold mine. Your practice is easier pickings than the retail markets that have been fighting the cyber-crime battle longer and have evolved their resources to become tougher targets for criminals.
At the time of this writing, it’s estimated that Windows XP continues to account for 29% of all computer usage and is second in use only to Windows 7. In business, this percentage escalates to a whopping 85% and potentially higher in the healthcare industry. It’s a huge concern that relatively few healthcare providers are aware of the end of Windows XP support. The EHR push began in the late 1990s to early 2000s, prior to the EHR Incentive the Government passed in the American Recovery and Reinvestment Act of 2009. During this time, Windows XP Pro was the operating system of choice and continued to be so through a failed Windows Vista launch, until four years ago when Windows 7 was released. Many software providers have continued to build legacy support for XP systems to support their client base, and to entice EHR adoption among providers on older hardware systems who have been hesitant to expense a hardware upgrade. Adding to the exposure of providers is that most of these EHR software systems will continue to work on XP well after the April 8th date without even a notice, which gives the unknowing practice a false sense of security. It may be too late by the time a problem is detected, and your HIPAA compliance will be in question. It only takes one Windows XP machine operating on your network, even if that PC does not have EHR software installed; in addition, online and cloud EHR systems are not exempt since many can be used on any browser allowed to run on Windows XP.
It’s not like the “XP HIPAA Police” will be knocking down your practice door on April 8th citing HIPAA violations. The truth of the matter is, we just don’t know what the response will be or what rule changes, enforcements, and threats await our future. The looming grey should be enough to take the danger seriously and to create a plan for handling this change. Ultimately, the burden will be yours to bear. Healthcare professionals should do a risk analysis of their individual hardware and network setup to ensure HIPAA compliance.
The bottom line is that now is the time to take action. The good news is that the immediate solution is straightforward and can be relatively painless depending on the compatibility of your EHR software and the number of XP computers in your practice. It’s time to retire those Windows XP machines. Some newer, capable computers will be able to upgrade to a qualified operating system. There are many third-party devices and equipment in the healthcare technology space that don’t have working drivers or required connectors on newer computers, and can’t be replaced. These irreplaceable hardware items will need to be removed from the network or other vulnerable situations. The hardware cost should not be as great as your initial purchase of those XP machines in 2000, as prices have dropped roughly 70% across the board; even lower-end hardware has the power and resources to run most client applications. Furthermore, many of the old higher-priced hardware items such as touch screens are integrated.
It is vital that you have an EHR software partner who is engaged in the process and that you start working with them today. They should be ready to assist in the compatibility evaluation of your current systems, provide solutions, and direct your purchase of appropriate hardware.
Steps to Your Upgrade Strategy:
- Remove any unneeded XP computers in your office.
- Determine whether your current software will work on a contemporary OS, or if a software upgrade or complete transition will be required for compatibility.
- Inventory Windows XP computers in use that are required for operation.
- Evaluate new software and hardware options such as devices, mobility apps, or all-in-one systems with touch screens that can reduce the number of total desktop replacements.
How to find what operating system you are using:
Determine if your computer is capable of upgrading to Windows 8:
Read more about the end of Windows XP support from Microsoft: